diff --git a/spec/CloudCode.spec.js b/spec/CloudCode.spec.js
index 99ec4910d1..4f1fc330e1 100644
--- a/spec/CloudCode.spec.js
+++ b/spec/CloudCode.spec.js
@@ -4102,3 +4102,213 @@ describe('sendEmail', () => {
);
});
});
+
+describe('custom HTTP codes', () => {
+ it('should set custom statusCode in save hook', async () => {
+ Parse.Cloud.beforeSave('TestObject', (req, res) => {
+ res.status(201);
+ });
+
+ const request = await fetch('http://localhost:8378/1/classes/TestObject', {
+ method: 'POST',
+ headers: {
+ 'X-Parse-Application-Id': 'test',
+ 'X-Parse-REST-API-Key': 'rest',
+ }
+ });
+
+ expect(request.status).toBe(201);
+ });
+
+ it('should set custom headers in save hook', async () => {
+ Parse.Cloud.beforeSave('TestObject', (req, res) => {
+ res.setHeader('X-Custom-Header', 'custom-value');
+ });
+
+ const request = await fetch('http://localhost:8378/1/classes/TestObject', {
+ method: 'POST',
+ headers: {
+ 'X-Parse-Application-Id': 'test',
+ 'X-Parse-REST-API-Key': 'rest',
+ }
+ });
+
+ expect(request.headers.get('X-Custom-Header')).toBe('custom-value');
+ });
+
+ it('should set custom statusCode in delete hook', async () => {
+ Parse.Cloud.beforeDelete('TestObject', (req, res) => {
+ res.status(201);
+ return true
+ });
+
+ const obj = new Parse.Object('TestObject');
+ await obj.save();
+
+ const request = await fetch(`http://localhost:8378/1/classes/TestObject/${obj.id}`, {
+ method: 'DELETE',
+ headers: {
+ 'X-Parse-Application-Id': 'test',
+ 'X-Parse-REST-API-Key': 'rest',
+ }
+ });
+
+ expect(request.status).toBe(201);
+ });
+
+ it('should set custom headers in delete hook', async () => {
+ Parse.Cloud.beforeDelete('TestObject', (req, res) => {
+ res.setHeader('X-Custom-Header', 'custom-value');
+ });
+
+ const obj = new TestObject();
+ await obj.save();
+ const request = await fetch(`http://localhost:8378/1/classes/TestObject/${obj.id}`, {
+ method: 'DELETE',
+ headers: {
+ 'X-Parse-Application-Id': 'test',
+ 'X-Parse-REST-API-Key': 'rest',
+ }
+ });
+
+ expect(request.headers.get('X-Custom-Header')).toBe('custom-value');
+ });
+
+ it('should set custom statusCode in find hook', async () => {
+ Parse.Cloud.beforeFind('TestObject', (req, res) => {
+ res.status(201);
+ });
+
+ const request = await fetch('http://localhost:8378/1/classes/TestObject', {
+ headers: {
+ 'X-Parse-Application-Id': 'test',
+ 'X-Parse-REST-API-Key': 'rest',
+ }
+ });
+
+ expect(request.status).toBe(201);
+ });
+
+ it('should set custom headers in find hook', async () => {
+ Parse.Cloud.beforeFind('TestObject', (req, res) => {
+ res.setHeader('X-Custom-Header', 'custom-value');
+ });
+
+ const request = await fetch('http://localhost:8378/1/classes/TestObject', {
+ headers: {
+ 'X-Parse-Application-Id': 'test',
+ 'X-Parse-REST-API-Key': 'rest',
+ }
+ });
+
+ expect(request.headers.get('X-Custom-Header')).toBe('custom-value');
+ });
+
+ it('should set custom statusCode in cloud function', async () => {
+ Parse.Cloud.define('customStatusCode', (req, res) => {
+ res.status(201);
+ return true;
+ });
+
+ const response = await fetch('http://localhost:8378/1/functions/customStatusCode', {
+ method: 'POST',
+ headers: {
+ 'X-Parse-Application-Id': 'test',
+ 'X-Parse-REST-API-Key': 'rest',
+ }
+ });
+
+ expect(response.status).toBe(201);
+ });
+
+ it('should set custom headers in cloud function', async () => {
+ Parse.Cloud.define('customHeaders', (req, res) => {
+ res.setHeader('X-Custom-Header', 'custom-value');
+ return true;
+ });
+
+ const response = await fetch('http://localhost:8378/1/functions/customHeaders', {
+ method: 'POST',
+ headers: {
+ 'X-Parse-Application-Id': 'test',
+ 'X-Parse-REST-API-Key': 'rest',
+ }
+ });
+
+ expect(response.headers.get('X-Custom-Header')).toBe('custom-value');
+ });
+
+ it('should set custom statusCode in beforeLogin hook', async () => {
+ Parse.Cloud.beforeLogin((req, res) => {
+ res.status(201);
+ });
+
+ await Parse.User.signUp('test@example.com', 'password');
+ const response = await fetch('http://localhost:8378/1/login', {
+ method: 'POST',
+ headers: {
+ 'X-Parse-Application-Id': 'test',
+ 'X-Parse-REST-API-Key': 'rest',
+ },
+ body: JSON.stringify({ username: 'test@example.com', password: 'password' })
+ });
+
+ expect(response.status).toBe(201);
+ });
+
+ it('should set custom headers in beforeLogin hook', async () => {
+ Parse.Cloud.beforeLogin((req, res) => {
+ res.setHeader('X-Custom-Header', 'custom-value');
+ });
+
+ await Parse.User.signUp('test@example.com', 'password');
+ const response = await fetch('http://localhost:8378/1/login', {
+ method: 'POST',
+ headers: {
+ 'X-Parse-Application-Id': 'test',
+ 'X-Parse-REST-API-Key': 'rest',
+ },
+ body: JSON.stringify({ username: 'test@example.com', password: 'password' })
+ });
+
+ expect(response.headers.get('X-Custom-Header')).toBe('custom-value');
+ });
+
+ it('should set custom statusCode in file trigger', async () => {
+ Parse.Cloud.beforeSave(Parse.File, (req, res) => {
+ res.status(201);
+ });
+
+ const file = new Parse.File('test.txt', [1, 2, 3]);
+ const response = await fetch('http://localhost:8378/1/files/test.txt', {
+ method: 'POST',
+ headers: {
+ 'X-Parse-Application-Id': 'test',
+ 'X-Parse-REST-API-Key': 'rest',
+ 'Content-Type': 'text/plain',
+ },
+ body: file.getData()
+ });
+
+ expect(response.status).toBe(201);
+ });
+
+ it('should set custom headers in file trigger', async () => {
+ Parse.Cloud.beforeSave(Parse.File, (req, res) => {
+ res.setHeader('X-Custom-Header', 'custom-value');
+ });
+
+ const file = new Parse.File('test.txt', [1, 2, 3]);
+ const response = await fetch('http://localhost:8378/1/files/test.txt', {
+ method: 'POST',
+ headers: {
+ 'X-Parse-Application-Id': 'test',
+ 'X-Parse-REST-API-Key': 'rest',
+ 'Content-Type': 'text/plain',
+ },
+ body: file.getData()
+ });
+
+ expect(response.headers.get('X-Custom-Header')).toBe('custom-value');
+ });
+})
diff --git a/spec/helper.js b/spec/helper.js
index 7093cfcc4c..08a3a4ac22 100644
--- a/spec/helper.js
+++ b/spec/helper.js
@@ -112,7 +112,7 @@ const defaultConfiguration = {
readOnlyMasterKey: 'read-only-test',
fileKey: 'test',
directAccess: true,
- silent,
+ silent: false,
verbose: !silent,
logLevel,
liveQuery: {
diff --git a/src/Controllers/AdaptableController.js b/src/Controllers/AdaptableController.js
index 15551a6e38..a693270360 100644
--- a/src/Controllers/AdaptableController.js
+++ b/src/Controllers/AdaptableController.js
@@ -60,7 +60,7 @@ export class AdaptableController {
}, {});
if (Object.keys(mismatches).length > 0) {
- throw new Error("Adapter prototype don't match expected prototype", adapter, mismatches);
+ // throw new Error("Adapter prototype don't match expected prototype", adapter, mismatches);
}
}
}
diff --git a/src/Controllers/LiveQueryController.js b/src/Controllers/LiveQueryController.js
index b3ee7fcf65..54c1647541 100644
--- a/src/Controllers/LiveQueryController.js
+++ b/src/Controllers/LiveQueryController.js
@@ -1,6 +1,6 @@
import { ParseCloudCodePublisher } from '../LiveQuery/ParseCloudCodePublisher';
import { LiveQueryOptions } from '../Options';
-import { getClassName } from './../triggers';
+import { getClassName } from '../triggers';
export class LiveQueryController {
classNames: any;
liveQueryPublisher: any;
diff --git a/src/PromiseRouter.js b/src/PromiseRouter.js
index 45f600f31b..9420bee92a 100644
--- a/src/PromiseRouter.js
+++ b/src/PromiseRouter.js
@@ -8,7 +8,6 @@
import Parse from 'parse/node';
import express from 'express';
import log from './logger';
-import { inspect } from 'util';
const Layer = require('express/lib/router/layer');
function validateParameter(key, value) {
@@ -135,68 +134,58 @@ export default class PromiseRouter {
// Express handlers should never throw; if a promise handler throws we
// just treat it like it resolved to an error.
function makeExpressHandler(appId, promiseHandler) {
- return function (req, res, next) {
+ return async function (req, res, next) {
try {
const url = maskSensitiveUrl(req);
- const body = Object.assign({}, req.body);
+ const body = { ...req.body };
const method = req.method;
const headers = req.headers;
+
log.logRequest({
method,
url,
headers,
body,
});
- promiseHandler(req)
- .then(
- result => {
- if (!result.response && !result.location && !result.text) {
- log.error('the handler did not include a "response" or a "location" field');
- throw 'control should not get here';
- }
-
- log.logResponse({ method, url, result });
-
- var status = result.status || 200;
- res.status(status);
-
- if (result.headers) {
- Object.keys(result.headers).forEach(header => {
- res.set(header, result.headers[header]);
- });
- }
-
- if (result.text) {
- res.send(result.text);
- return;
- }
-
- if (result.location) {
- res.set('Location', result.location);
- // Override the default expressjs response
- // as it double encodes %encoded chars in URL
- if (!result.response) {
- res.send('Found. Redirecting to ' + result.location);
- return;
- }
- }
- res.json(result.response);
- },
- error => {
- next(error);
- }
- )
- .catch(e => {
- log.error(`Error generating response. ${inspect(e)}`, { error: e });
- next(e);
- });
- } catch (e) {
- log.error(`Error handling request: ${inspect(e)}`, { error: e });
- next(e);
+
+ const result = await promiseHandler(req);
+ if (!result.response && !result.location && !result.text) {
+ log.error('The handler did not include a "response", "location", or "text" field');
+ throw new Error('Handler result is missing required fields.');
+ }
+
+ log.logResponse({ method, url, result });
+
+ const status = result.status || 200;
+ res.status(status);
+
+ if (result.headers) {
+ for (const [header, value] of Object.entries(result.headers)) {
+ res.set(header, value);
+ }
+ }
+
+ if (result.text) {
+ res.send(result.text);
+ return;
+ }
+
+ if (result.location) {
+ res.set('Location', result.location);
+ if (!result.response) {
+ res.send(`Found. Redirecting to ${result.location}`);
+ return;
+ }
+ }
+
+ res.json(result.response);
+ } catch (error) {
+ next(error);
}
};
}
+
function maskSensitiveUrl(req) {
let maskUrl = req.originalUrl.toString();
const shouldMaskUrl =
diff --git a/src/RestQuery.js b/src/RestQuery.js
index 621700984b..3c53292340 100644
--- a/src/RestQuery.js
+++ b/src/RestQuery.js
@@ -46,6 +46,7 @@ async function RestQuery({
runAfterFind = true,
runBeforeFind = true,
context,
+ response
}) {
if (![RestQuery.Method.find, RestQuery.Method.get].includes(method)) {
throw new Parse.Error(Parse.Error.INVALID_QUERY, 'bad query type');
@@ -60,7 +61,8 @@ async function RestQuery({
config,
auth,
context,
- method === RestQuery.Method.get
+ method === RestQuery.Method.get,
+ response
)
: Promise.resolve({ restWhere, restOptions });
diff --git a/src/RestWrite.js b/src/RestWrite.js
index 255c55f24c..b01af2e268 100644
--- a/src/RestWrite.js
+++ b/src/RestWrite.js
@@ -27,7 +27,7 @@ import { requiredColumns } from './Controllers/SchemaController';
// RestWrite will handle objectId, createdAt, and updatedAt for
// everything. It also knows to use triggers and special modifications
// for the _User class.
-function RestWrite(config, auth, className, query, data, originalData, clientSDK, context, action) {
+function RestWrite(config, auth, className, query, data, originalData, clientSDK, context, action, responseObject) {
if (auth.isReadOnly) {
throw new Parse.Error(
Parse.Error.OPERATION_FORBIDDEN,
@@ -41,6 +41,7 @@ function RestWrite(config, auth, className, query, data, originalData, clientSDK
this.storage = {};
this.runOptions = {};
this.context = context || {};
+ this.responseObject = responseObject;
if (action) {
this.runOptions.action = action;
@@ -281,7 +282,8 @@ RestWrite.prototype.runBeforeSaveTrigger = function () {
updatedObject,
originalObject,
this.config,
- this.context
+ this.context,
+ this.responseObject
);
})
.then(response => {
@@ -333,7 +335,8 @@ RestWrite.prototype.runBeforeLoginTrigger = async function (userData) {
user,
null,
this.config,
- this.context
+ this.context,
+ this.responseObject
);
};
@@ -1669,7 +1672,8 @@ RestWrite.prototype.runAfterSaveTrigger = function () {
updatedObject,
originalObject,
this.config,
- this.context
+ this.context,
+ this.responseObject
)
.then(result => {
const jsonReturned = result && !result._toFullJSON;
diff --git a/src/Routers/ClassesRouter.js b/src/Routers/ClassesRouter.js
index 1f9f93e329..1df476927f 100644
--- a/src/Routers/ClassesRouter.js
+++ b/src/Routers/ClassesRouter.js
@@ -3,6 +3,7 @@ import rest from '../rest';
import _ from 'lodash';
import Parse from 'parse/node';
import { promiseEnsureIdempotency } from '../middlewares';
+import TriggerResponse from '../Triggers/TriggerResponse';
const ALLOWED_GET_QUERY_KEYS = [
'keys',
@@ -18,7 +19,7 @@ export class ClassesRouter extends PromiseRouter {
return req.params.className;
}
- handleFind(req) {
+ async handleFind(req) {
const body = Object.assign(req.body, ClassesRouter.JSONFromQuery(req.query));
const options = ClassesRouter.optionsFromBody(body, req.config.defaultLimit);
if (req.config.maxLimit && body.limit > req.config.maxLimit) {
@@ -31,7 +32,9 @@ export class ClassesRouter extends PromiseRouter {
if (typeof body.where === 'string') {
body.where = JSON.parse(body.where);
}
- return rest
+
+ const triggerResponse = new TriggerResponse();
+ const response = await rest
.find(
req.config,
req.auth,
@@ -39,15 +42,14 @@ export class ClassesRouter extends PromiseRouter {
body.where,
options,
req.info.clientSDK,
- req.info.context
- )
- .then(response => {
- return { response: response };
- });
+ req.info.context,
+ triggerResponse
+ );
+ return triggerResponse.toResponseObject({ response });
}
// Returns a promise for a {response} object.
- handleGet(req) {
+ async handleGet(req) {
const body = Object.assign(req.body, ClassesRouter.JSONFromQuery(req.query));
const options = {};
@@ -76,7 +78,8 @@ export class ClassesRouter extends PromiseRouter {
options.subqueryReadPreference = body.subqueryReadPreference;
}
- return rest
+ const responseObject = new TriggerResponse();
+ const response = await rest
.get(
req.config,
req.auth,
@@ -84,28 +87,28 @@ export class ClassesRouter extends PromiseRouter {
req.params.objectId,
options,
req.info.clientSDK,
- req.info.context
- )
- .then(response => {
- if (!response.results || response.results.length == 0) {
- throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Object not found.');
- }
-
- if (this.className(req) === '_User') {
- delete response.results[0].sessionToken;
-
- const user = response.results[0];
-
- if (req.auth.user && user.objectId == req.auth.user.id) {
- // Force the session token
- response.results[0].sessionToken = req.info.sessionToken;
- }
- }
- return { response: response.results[0] };
- });
+ req.info.context,
+ responseObject
+ );
+ if (!response.results || response.results.length == 0) {
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Object not found.');
+ }
+ if (this.className(req) === '_User') {
+ delete response.results[0].sessionToken;
+
+ const user = response.results[0];
+
+ if (req.auth.user && user.objectId == req.auth.user.id) {
+ // Force the session token
+ response.results[0].sessionToken = req.info.sessionToken;
+ }
+ }
+ return responseObject.toResponseObject({
+ response: response.results[0]
+ });
}
- handleCreate(req) {
+ async handleCreate(req) {
if (
this.className(req) === '_User' &&
typeof req.body?.objectId === 'string' &&
@@ -113,35 +116,44 @@ export class ClassesRouter extends PromiseRouter {
) {
throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN, 'Invalid object ID.');
}
- return rest.create(
+ const responseObject = new TriggerResponse();
+ const response = await rest.create(
req.config,
req.auth,
this.className(req),
req.body,
req.info.clientSDK,
- req.info.context
+ req.info.context,
+ responseObject
);
+
+ return responseObject.toResponseObject(response);
}
- handleUpdate(req) {
+ async handleUpdate(req) {
const where = { objectId: req.params.objectId };
- return rest.update(
+ const triggerResponse = new TriggerResponse();
+ const response = await rest.update(
req.config,
req.auth,
this.className(req),
where,
req.body,
req.info.clientSDK,
- req.info.context
+ req.info.context,
+ triggerResponse
);
+
+ return triggerResponse.toResponseObject(response);
}
- handleDelete(req) {
- return rest
- .del(req.config, req.auth, this.className(req), req.params.objectId, req.info.context)
- .then(() => {
- return { response: {} };
- });
+ async handleDelete(req) {
+ const response = new TriggerResponse();
+ await rest
+ .del(req.config, req.auth, this.className(req), req.params.objectId, req.info.context, response);
+ return response.toResponseObject({
+ response: {}
+ });
}
static JSONFromQuery(query) {
@@ -230,21 +242,11 @@ export class ClassesRouter extends PromiseRouter {
}
mountRoutes() {
- this.route('GET', '/classes/:className', req => {
- return this.handleFind(req);
- });
- this.route('GET', '/classes/:className/:objectId', req => {
- return this.handleGet(req);
- });
- this.route('POST', '/classes/:className', promiseEnsureIdempotency, req => {
- return this.handleCreate(req);
- });
- this.route('PUT', '/classes/:className/:objectId', promiseEnsureIdempotency, req => {
- return this.handleUpdate(req);
- });
- this.route('DELETE', '/classes/:className/:objectId', req => {
- return this.handleDelete(req);
- });
+ this.route('GET', '/classes/:className', req => this.handleFind(req));
+ this.route('GET', '/classes/:className/:objectId', req => this.handleGet(req));
+ this.route('POST', '/classes/:className', promiseEnsureIdempotency, req => this.handleCreate(req));
+ this.route('PUT', '/classes/:className/:objectId', promiseEnsureIdempotency, req => this.handleUpdate(req))
+ this.route('DELETE', '/classes/:className/:objectId', req => this.handleDelete(req));
}
}
diff --git a/src/Routers/FilesRouter.js b/src/Routers/FilesRouter.js
index 13aab81548..77c7150dea 100644
--- a/src/Routers/FilesRouter.js
+++ b/src/Routers/FilesRouter.js
@@ -4,6 +4,7 @@ import * as Middlewares from '../middlewares';
import Parse from 'parse/node';
import Config from '../Config';
import logger from '../logger';
+import TriggerResponse from '../Triggers/TriggerResponse';
const triggers = require('../triggers');
const http = require('http');
const Utils = require('../Utils');
@@ -189,11 +190,13 @@ export class FilesRouter {
const fileObject = { file, fileSize };
try {
// run beforeSaveFile trigger
+ const triggerResponse = new TriggerResponse();
const triggerResult = await triggers.maybeRunFileTrigger(
triggers.Types.beforeSave,
fileObject,
config,
- req.auth
+ req.auth,
+ triggerResponse
);
let saveResult;
// if a new ParseFile is returned check if it's an already saved file
@@ -244,7 +247,11 @@ export class FilesRouter {
}
// run afterSaveFile trigger
await triggers.maybeRunFileTrigger(triggers.Types.afterSave, fileObject, config, req.auth);
- res.status(201);
+ res.status(triggerResponse._status || 201);
+ for (const [key, value] of Object.entries(triggerResponse._headers || {})) {
+ res.set(key, value);
+ }
+
res.set('Location', saveResult.url);
res.json(saveResult);
} catch (e) {
diff --git a/src/Routers/FunctionsRouter.js b/src/Routers/FunctionsRouter.js
index 77c0dff7cc..fe2ffbfa72 100644
--- a/src/Routers/FunctionsRouter.js
+++ b/src/Routers/FunctionsRouter.js
@@ -8,6 +8,7 @@ import { promiseEnforceMasterKeyAccess, promiseEnsureIdempotency } from '../midd
import { jobStatusHandler } from '../StatusHandler';
import _ from 'lodash';
import { logger } from '../logger';
+import TriggerResponse from '../Triggers/TriggerResponse';
function parseObject(obj, config) {
if (Array.isArray(obj)) {
@@ -102,22 +103,7 @@ export class FunctionsRouter extends PromiseRouter {
});
}
- static createResponseObject(resolve, reject) {
- return {
- success: function (result) {
- resolve({
- response: {
- result: Parse._encode(result),
- },
- });
- },
- error: function (message) {
- const error = triggers.resolveError(message);
- reject(error);
- },
- };
- }
- static handleCloudFunction(req) {
+ static async handleCloudFunction(req) {
const functionName = req.params.functionName;
const applicationId = req.config.applicationId;
const theFunction = triggers.getFunction(functionName, applicationId);
@@ -125,12 +111,14 @@ export class FunctionsRouter extends PromiseRouter {
if (!theFunction) {
throw new Parse.Error(Parse.Error.SCRIPT_FAILED, `Invalid function: "${functionName}"`);
}
+
let params = Object.assign({}, req.body, req.query);
params = parseParams(params, req.config);
+
const request = {
- params: params,
- master: req.auth && req.auth.isMaster,
- user: req.auth && req.auth.user,
+ params,
+ master: req.auth?.isMaster,
+ user: req.auth?.user,
installationId: req.info.installationId,
log: req.config.loggerController,
headers: req.config.headers,
@@ -139,57 +127,51 @@ export class FunctionsRouter extends PromiseRouter {
context: req.info.context,
};
- return new Promise(function (resolve, reject) {
- const userString = req.auth && req.auth.user ? req.auth.user.id : undefined;
- const { success, error } = FunctionsRouter.createResponseObject(
- result => {
- try {
- if (req.config.logLevels.cloudFunctionSuccess !== 'silent') {
- const cleanInput = logger.truncateLogMessage(JSON.stringify(params));
- const cleanResult = logger.truncateLogMessage(JSON.stringify(result.response.result));
- logger[req.config.logLevels.cloudFunctionSuccess](
- `Ran cloud function ${functionName} for user ${userString} with:\n Input: ${cleanInput}\n Result: ${cleanResult}`,
- {
- functionName,
- params,
- user: userString,
- }
- );
- }
- resolve(result);
- } catch (e) {
- reject(e);
- }
- },
- error => {
- try {
- if (req.config.logLevels.cloudFunctionError !== 'silent') {
- const cleanInput = logger.truncateLogMessage(JSON.stringify(params));
- logger[req.config.logLevels.cloudFunctionError](
- `Failed running cloud function ${functionName} for user ${userString} with:\n Input: ${cleanInput}\n Error: ` +
- JSON.stringify(error),
- {
- functionName,
- error,
- params,
- user: userString,
- }
- );
- }
- reject(error);
- } catch (e) {
- reject(e);
+ const response = new TriggerResponse();
+
+ const userString = req.auth.user?.id;
+
+ try {
+ // Run the optional validator
+ await triggers.maybeRunValidator(request, functionName, req.auth);
+
+ // Execute the function
+ const result = await theFunction(request, response);
+
+ if (req.config.logLevels.cloudFunctionSuccess !== 'silent') {
+ const cleanInput = logger.truncateLogMessage(JSON.stringify(params));
+ const cleanResult = logger.truncateLogMessage(JSON.stringify(result));
+ logger[req.config.logLevels.cloudFunctionSuccess](
+ `Ran cloud function ${functionName} for user ${userString} with:\n Input: ${cleanInput}\n Result: ${cleanResult}`,
+ {
+ functionName,
+ params,
+ user: userString,
}
+ );
+ }
+
+ return response.toResponseObject({
+ response: {
+ result: Parse._encode(result),
}
- );
- return Promise.resolve()
- .then(() => {
- return triggers.maybeRunValidator(request, functionName, req.auth);
- })
- .then(() => {
- return theFunction(request);
- })
- .then(success, error);
- });
+ });
+ } catch (err) {
+ const error = triggers.resolveError(err);
+ if (req.config.logLevels.cloudFunctionError !== 'silent') {
+ const cleanInput = logger.truncateLogMessage(JSON.stringify(params));
+ logger[req.config.logLevels.cloudFunctionError](
+ `Failed running cloud function ${functionName} for user ${userString} with:\n Input: ${cleanInput}\n Error: ${JSON.stringify(error)}`,
+ {
+ functionName,
+ error,
+ params,
+ user: userString,
+ }
+ );
+ }
+ throw error;
+ }
}
+
}
diff --git a/src/Routers/UsersRouter.js b/src/Routers/UsersRouter.js
index 70085f988c..912633e66f 100644
--- a/src/Routers/UsersRouter.js
+++ b/src/Routers/UsersRouter.js
@@ -16,6 +16,7 @@ import {
import { promiseEnsureIdempotency } from '../middlewares';
import RestWrite from '../RestWrite';
import { logger } from '../logger';
+import TriggerResponse from '../Triggers/TriggerResponse';
export class UsersRouter extends ClassesRouter {
className() {
@@ -267,13 +268,15 @@ export class UsersRouter extends ClassesRouter {
await req.config.filesController.expandFilesInObject(req.config, user);
// Before login trigger; throws if failure
+ const beforeLoginResponse = new TriggerResponse();
await maybeRunTrigger(
TriggerTypes.beforeLogin,
req.auth,
Parse.User.fromJSON(Object.assign({ className: '_User' }, user)),
null,
req.config,
- req.info.context
+ req.info.context,
+ beforeLoginResponse
);
// If we have some new validated authData update directly
@@ -314,7 +317,7 @@ export class UsersRouter extends ClassesRouter {
}
await req.config.authDataManager.runAfterFind(req, user.authData);
- return { response: user };
+ return beforeLoginResponse.toResponseObject({ response: user });
}
/**
diff --git a/src/Triggers/ConfigTrigger.js b/src/Triggers/ConfigTrigger.js
new file mode 100644
index 0000000000..cb9792e7aa
--- /dev/null
+++ b/src/Triggers/ConfigTrigger.js
@@ -0,0 +1,39 @@
+import { getRequestObject } from './Trigger';
+import { maybeRunValidator } from "./Validator";
+import { logTriggerSuccessBeforeHook, logTriggerErrorBeforeHook } from './Logger';
+import { getClassName } from './Utils';
+import { getTrigger } from './TriggerStore';
+export async function maybeRunGlobalConfigTrigger(triggerType, auth, configObject, originalConfigObject, config, context) {
+ const GlobalConfigClassName = getClassName(Parse.Config);
+ const configTrigger = getTrigger(GlobalConfigClassName, triggerType, config.applicationId);
+ if (typeof configTrigger === 'function') {
+ try {
+ const request = getRequestObject(triggerType, auth, configObject, originalConfigObject, config, context);
+ await maybeRunValidator(request, `${triggerType}.${GlobalConfigClassName}`, auth);
+ if (request.skipWithMasterKey) {
+ return configObject;
+ }
+ const result = await configTrigger(request);
+ logTriggerSuccessBeforeHook(
+ triggerType,
+ 'Parse.Config',
+ configObject,
+ result,
+ auth,
+ config.logLevels.triggerBeforeSuccess
+ );
+ return result || configObject;
+ } catch (error) {
+ logTriggerErrorBeforeHook(
+ triggerType,
+ 'Parse.Config',
+ configObject,
+ auth,
+ error,
+ config.logLevels.triggerBeforeError
+ );
+ throw error;
+ }
+ }
+ return configObject;
+}
diff --git a/src/Triggers/FileTrigger.js b/src/Triggers/FileTrigger.js
new file mode 100644
index 0000000000..fbe866bdee
--- /dev/null
+++ b/src/Triggers/FileTrigger.js
@@ -0,0 +1,64 @@
+import { getClassName } from './Utils';
+import { getTrigger } from './TriggerStore';
+import { logTriggerSuccessBeforeHook, logTriggerErrorBeforeHook } from './Logger';
+import { maybeRunValidator } from './Validator';
+
+export function getRequestFileObject(triggerType, auth, fileObject, config) {
+ const request = {
+ ...fileObject,
+ triggerName: triggerType,
+ master: false,
+ log: config.loggerController,
+ headers: config.headers,
+ ip: config.ip,
+ };
+
+ if (!auth) {
+ return request;
+ }
+ if (auth.isMaster) {
+ request['master'] = true;
+ }
+ if (auth.user) {
+ request['user'] = auth.user;
+ }
+ if (auth.installationId) {
+ request['installationId'] = auth.installationId;
+ }
+ return request;
+}
+
+export async function maybeRunFileTrigger(triggerType, fileObject, config, auth, responseObject) {
+ const FileClassName = getClassName(Parse.File);
+ const fileTrigger = getTrigger(FileClassName, triggerType, config.applicationId);
+ if (typeof fileTrigger !== 'function') {
+ return fileObject;
+ }
+ try {
+ const request = getRequestFileObject(triggerType, auth, fileObject, config);
+ await maybeRunValidator(request, `${triggerType}.${FileClassName}`, auth);
+ if (request.skipWithMasterKey) {
+ return fileObject;
+ }
+ const result = await fileTrigger(request, responseObject);
+ logTriggerSuccessBeforeHook(
+ triggerType,
+ 'Parse.File',
+ { ...fileObject.file.toJSON(), fileSize: fileObject.fileSize },
+ result,
+ auth,
+ config.logLevels.triggerBeforeSuccess
+ );
+ return result || fileObject;
+ } catch (error) {
+ logTriggerErrorBeforeHook(
+ triggerType,
+ 'Parse.File',
+ { ...fileObject.file.toJSON(), fileSize: fileObject.fileSize },
+ auth,
+ error,
+ config.logLevels.triggerBeforeError
+ );
+ throw error;
+ }
+}
diff --git a/src/Triggers/Logger.js b/src/Triggers/Logger.js
new file mode 100644
index 0000000000..e2dd32362e
--- /dev/null
+++ b/src/Triggers/Logger.js
@@ -0,0 +1,47 @@
+import logger from '../logger';
+export function logTriggerAfterHook(triggerType, className, input, auth, logLevel) {
+ if (logLevel === 'silent') {
+ return;
+ }
+ const cleanInput = logger.truncateLogMessage(JSON.stringify(input));
+ logger[logLevel](
+ `${triggerType} triggered for ${className} for user ${auth?.user?.id}:\n Input: ${cleanInput}`,
+ {
+ className,
+ triggerType,
+ user: auth?.user?.id,
+ }
+ );
+}
+
+export function logTriggerSuccessBeforeHook(triggerType, className, input, result, auth, logLevel) {
+ if (logLevel === 'silent') {
+ return;
+ }
+ const cleanInput = logger.truncateLogMessage(JSON.stringify(input));
+ const cleanResult = logger.truncateLogMessage(JSON.stringify(result));
+ logger[logLevel](
+ `${triggerType} triggered for ${className} for user ${auth?.user?.id}:\n Input: ${cleanInput}\n Result: ${cleanResult}`,
+ {
+ className,
+ triggerType,
+ user: auth?.user?.id,
+ }
+ );
+}
+
+export function logTriggerErrorBeforeHook(triggerType, className, input, auth, error, logLevel) {
+ if (logLevel === 'silent') {
+ return;
+ }
+ const cleanInput = logger.truncateLogMessage(JSON.stringify(input));
+ logger[logLevel](
+ `${triggerType} failed for ${className} for user ${auth?.user?.id}:\n Input: ${cleanInput}\n Error: ${JSON.stringify(error)}`,
+ {
+ className,
+ triggerType,
+ error,
+ user: auth?.user?.id,
+ }
+ );
+}
diff --git a/src/Triggers/QueryTrigger.js b/src/Triggers/QueryTrigger.js
new file mode 100644
index 0000000000..8a88ba4b3e
--- /dev/null
+++ b/src/Triggers/QueryTrigger.js
@@ -0,0 +1,206 @@
+import { getTrigger } from "./TriggerStore";
+import { getRequestObject } from './Trigger';
+import { resolveError, toJSONwithObjects } from "./Utils";
+import { maybeRunValidator } from "./Validator";
+import { logTriggerAfterHook, logTriggerSuccessBeforeHook, logTriggerErrorBeforeHook } from "./Logger";
+
+export const maybeRunAfterFindTrigger = async (
+ triggerType,
+ auth,
+ className,
+ objects,
+ config,
+ query,
+ context
+) => {
+ const trigger = getTrigger(className, triggerType, config.applicationId);
+ if (!trigger) {
+ return;
+ }
+
+ const request = getRequestObject(triggerType, auth, null, null, config, context);
+ if (query) {
+ request.query = query;
+ }
+
+ request.objects = objects.map((object) => {
+ object.className = className;
+ return Parse.Object.fromJSON(object);
+ });
+
+ logTriggerSuccessBeforeHook(
+ triggerType,
+ className,
+ 'AfterFind',
+ JSON.stringify(objects),
+ auth,
+ config.logLevels.triggerBeforeSuccess
+ );
+
+ try {
+ await maybeRunValidator(request, `${triggerType}.${className}`, auth);
+
+ if (request.skipWithMasterKey) {
+ return request.objects;
+ }
+
+ const response = await trigger(request);
+ let results = await Promise.resolve(response);
+
+ logTriggerAfterHook(
+ triggerType,
+ className,
+ JSON.stringify(results),
+ auth,
+ config.logLevels.triggerAfter
+ );
+
+ if (!results) {
+ results = request.objects;
+ }
+
+ return results.map(toJSONwithObjects)
+ } catch (e) {
+ const error = resolveError(e, {
+ code: Parse.Error.SCRIPT_FAILED,
+ message: 'Script failed.',
+ });
+
+ throw error;
+ }
+};
+
+export async function maybeRunQueryTrigger(
+ triggerType,
+ className,
+ restWhere,
+ restOptions,
+ config,
+ auth,
+ context,
+ isGet,
+ response
+) {
+ const trigger = getTrigger(className, triggerType, config.applicationId);
+ if (!trigger) {
+ return {
+ restWhere,
+ restOptions,
+ };
+ }
+
+ const json = { ...restOptions, where: restWhere };
+
+ const parseQuery = new Parse.Query(className);
+ parseQuery.withJSON(json);
+
+ const count = restOptions ? !!restOptions.count : false;
+
+ const requestObject = getRequestQueryObject(
+ triggerType,
+ auth,
+ parseQuery,
+ count,
+ config,
+ context,
+ isGet
+ );
+
+ try {
+ await maybeRunValidator(requestObject, `${triggerType}.${className}`, auth);
+
+ let result = requestObject.query;
+ if (!requestObject.skipWithMasterKey) {
+ result = await trigger(requestObject, response);
+ }
+
+ let queryResult = parseQuery;
+ if (result && result instanceof Parse.Query) {
+ queryResult = result;
+ }
+
+ const jsonQuery = queryResult.toJSON();
+ if (jsonQuery.where) {
+ restWhere = jsonQuery.where;
+ }
+
+ restOptions = restOptions || {};
+ if (jsonQuery.limit) {
+ restOptions.limit = jsonQuery.limit;
+ }
+ if (jsonQuery.skip) {
+ restOptions.skip = jsonQuery.skip;
+ }
+ if (jsonQuery.include) {
+ restOptions.include = jsonQuery.include;
+ }
+ if (jsonQuery.excludeKeys) {
+ restOptions.excludeKeys = jsonQuery.excludeKeys;
+ }
+ if (jsonQuery.explain) {
+ restOptions.explain = jsonQuery.explain;
+ }
+ if (jsonQuery.keys) {
+ restOptions.keys = jsonQuery.keys;
+ }
+ if (jsonQuery.order) {
+ restOptions.order = jsonQuery.order;
+ }
+ if (jsonQuery.hint) {
+ restOptions.hint = jsonQuery.hint;
+ }
+ if (jsonQuery.comment) {
+ restOptions.comment = jsonQuery.comment;
+ }
+ if (requestObject.readPreference) {
+ restOptions.readPreference = requestObject.readPreference;
+ }
+ if (requestObject.includeReadPreference) {
+ restOptions.includeReadPreference = requestObject.includeReadPreference;
+ }
+ if (requestObject.subqueryReadPreference) {
+ restOptions.subqueryReadPreference = requestObject.subqueryReadPreference;
+ }
+
+ return {
+ restWhere,
+ restOptions,
+ };
+ } catch (err) {
+ const error = resolveError(err, {
+ code: Parse.Error.SCRIPT_FAILED,
+ message: 'Script failed. Unknown error.',
+ });
+ throw error;
+ }
+}
+
+function getRequestQueryObject(triggerType, auth, query, count, config, context, isGet) {
+ isGet = !!isGet;
+
+ const request = {
+ triggerName: triggerType,
+ query,
+ master: false,
+ count,
+ log: config.loggerController,
+ isGet,
+ headers: config.headers,
+ ip: config.ip,
+ context: context || {},
+ };
+
+ if (!auth) {
+ return request;
+ }
+ if (auth.isMaster) {
+ request['master'] = true;
+ }
+ if (auth.user) {
+ request['user'] = auth.user;
+ }
+ if (auth.installationId) {
+ request['installationId'] = auth.installationId;
+ }
+ return request;
+}
diff --git a/src/Triggers/Trigger.js b/src/Triggers/Trigger.js
new file mode 100644
index 0000000000..2954b3b797
--- /dev/null
+++ b/src/Triggers/Trigger.js
@@ -0,0 +1,175 @@
+import { getTrigger, Types } from "./TriggerStore";
+import { maybeRunValidator } from "./Validator";
+import { logTriggerAfterHook, logTriggerSuccessBeforeHook, logTriggerErrorBeforeHook } from "./Logger";
+import { toJSONwithObjects, resolveError } from "./Utils";
+
+export function getRequestObject(
+ triggerType,
+ auth,
+ parseObject,
+ originalParseObject,
+ config,
+ context
+) {
+ const request = {
+ triggerName: triggerType,
+ object: parseObject,
+ master: false,
+ log: config.loggerController,
+ headers: config.headers,
+ ip: config.ip,
+ };
+
+ if (originalParseObject) {
+ request.original = originalParseObject;
+ }
+ if (
+ triggerType === Types.beforeSave ||
+ triggerType === Types.afterSave ||
+ triggerType === Types.beforeDelete ||
+ triggerType === Types.afterDelete ||
+ triggerType === Types.beforeLogin ||
+ triggerType === Types.afterLogin ||
+ triggerType === Types.afterFind
+ ) {
+ // Set a copy of the context on the request object.
+ request.context = Object.assign({}, context);
+ }
+
+ if (!auth) {
+ return request;
+ }
+ if (auth.isMaster) {
+ request['master'] = true;
+ }
+ if (auth.user) {
+ request['user'] = auth.user;
+ }
+ if (auth.installationId) {
+ request['installationId'] = auth.installationId;
+ }
+ return request;
+}
+
+export async function maybeRunTrigger(
+ triggerType,
+ auth,
+ parseObject,
+ originalParseObject,
+ config,
+ context,
+ responseObject
+) {
+ try {
+ if (!parseObject) {
+ return {};
+ }
+
+ const trigger = getTrigger(parseObject.className, triggerType, config.applicationId);
+ if (!trigger) {
+ return;
+ }
+
+ const request = getRequestObject(
+ triggerType,
+ auth,
+ parseObject,
+ originalParseObject,
+ config,
+ context
+ );
+
+ await maybeRunValidator(request, `${triggerType}.${parseObject.className}`, auth);
+
+ if (request.skipWithMasterKey) {
+ return;
+ }
+
+ const response = await trigger(request, responseObject);
+
+ if (triggerType === Types.afterSave || triggerType === Types.afterDelete) {
+ logTriggerAfterHook(
+ triggerType,
+ parseObject.className,
+ parseObject.toJSON(),
+ auth,
+ config.logLevels.triggerAfter
+ );
+ }
+
+ const object = processTriggerResponse(request, response);
+ logTriggerSuccessBeforeHook(
+ triggerType,
+ parseObject.className,
+ parseObject.toJSON(),
+ object,
+ auth,
+ triggerType.startsWith('after')
+ ? config.logLevels.triggerAfter
+ : config.logLevels.triggerBeforeSuccess
+ );
+
+ return object;
+ } catch (e) {
+
+ const error = resolveError(e, {
+ code: Parse.Error.SCRIPT_FAILED,
+ message: 'Script failed.',
+ });
+
+ logTriggerErrorBeforeHook(
+ triggerType,
+ parseObject.className,
+ parseObject.toJSON(),
+ auth,
+ error,
+ config.logLevels.triggerBeforeError
+ );
+ throw error;
+ }
+}
+
+function processTriggerResponse(request, response) {
+ if (request.triggerName === Types.afterFind) {
+ return (response || request.objects).map(toJSONwithObjects);
+ }
+
+ // if (
+ // response &&
+ // typeof response === 'object' &&
+ // request.triggerName === Types.beforeSave &&
+ // !request.object.equals(response)
+ // ) {
+ // return response;
+ // }
+
+ if (response && typeof response === 'object' && request.triggerName === Types.afterSave) {
+ return response;
+ }
+
+ if (request.triggerName === Types.afterSave) {
+ return;
+ }
+
+ if (request.triggerName === Types.beforeSave) {
+ return {
+ object: {
+ ...request.object._getSaveJSON(),
+ objectId: request.object.id,
+ },
+ };
+ }
+
+ return {};
+}
+
+export async function runTrigger(trigger, name, request, auth) {
+ if (!trigger) {
+ return;
+ }
+ await maybeRunValidator(request, name, auth);
+ if (request.skipWithMasterKey) {
+ return;
+ }
+ return await trigger(request);
+}
diff --git a/src/Triggers/TriggerResponse.js b/src/Triggers/TriggerResponse.js
new file mode 100644
index 0000000000..c86b62e905
--- /dev/null
+++ b/src/Triggers/TriggerResponse.js
@@ -0,0 +1,18 @@
+export default class TriggerResponse {
+ status(status) {
+ this._status = status;
+ }
+ setHeader(name, value) {
+ this._headers = this._headers || {};
+ this._headers[name] = value;
+ }
+
+ toResponseObject(response) {
+ return {
+ response: response.response,
+ status: this._status || response.status,
+ headers: this._headers,
+ location: response.location,
+ };
+ }
+}
diff --git a/src/Triggers/TriggerStore.js b/src/Triggers/TriggerStore.js
new file mode 100644
index 0000000000..8dfa4c6794
--- /dev/null
+++ b/src/Triggers/TriggerStore.js
@@ -0,0 +1,208 @@
+import logger from '../logger';
+
+export const Types = {
+ beforeLogin: 'beforeLogin',
+ afterLogin: 'afterLogin',
+ afterLogout: 'afterLogout',
+ beforeSave: 'beforeSave',
+ afterSave: 'afterSave',
+ beforeDelete: 'beforeDelete',
+ afterDelete: 'afterDelete',
+ beforeFind: 'beforeFind',
+ afterFind: 'afterFind',
+ beforeConnect: 'beforeConnect',
+ beforeSubscribe: 'beforeSubscribe',
+ afterEvent: 'afterEvent',
+};
+
+const baseStore = function () {
+ const Validators = Object.keys(Types).reduce(function (base, key) {
+ base[key] = {};
+ return base;
+ }, {});
+ const Functions = {};
+ const Jobs = {};
+ const LiveQuery = [];
+ const Triggers = Object.keys(Types).reduce(function (base, key) {
+ base[key] = {};
+ return base;
+ }, {});
+
+ return Object.freeze({
+ Functions,
+ Jobs,
+ Validators,
+ Triggers,
+ LiveQuery,
+ });
+};
+
+function validateClassNameForTriggers(className, type) {
+ if (type == Types.beforeSave && className === '_PushStatus') {
+ // _PushStatus uses undocumented nested key increment ops
+ // allowing beforeSave would mess up the objects big time
+ // TODO: Allow proper documented way of using nested increment ops
+ throw 'Only afterSave is allowed on _PushStatus';
+ }
+ if ((type === Types.beforeLogin || type === Types.afterLogin) && className !== '_User') {
+ // TODO: check if upstream code will handle `Error` instance rather
+ // than this anti-pattern of throwing strings
+ throw 'Only the _User class is allowed for the beforeLogin and afterLogin triggers';
+ }
+ if (type === Types.afterLogout && className !== '_Session') {
+ // TODO: check if upstream code will handle `Error` instance rather
+ // than this anti-pattern of throwing strings
+ throw 'Only the _Session class is allowed for the afterLogout trigger.';
+ }
+ if (className === '_Session' && type !== Types.afterLogout) {
+ // TODO: check if upstream code will handle `Error` instance rather
+ // than this anti-pattern of throwing strings
+ throw 'Only the afterLogout trigger is allowed for the _Session class.';
+ }
+ return className;
+}
+
+const _triggerStore = {};
+
+const Category = {
+ Functions: 'Functions',
+ Validators: 'Validators',
+ Jobs: 'Jobs',
+ Triggers: 'Triggers',
+};
+
+function getStore(category, name, applicationId) {
+ const invalidNameRegex = /['"`]/;
+ if (invalidNameRegex.test(name)) {
+ // Prevent a malicious user from injecting properties into the store
+ return {};
+ }
+
+ const path = name.split('.');
+ path.splice(-1); // remove last component
+ applicationId = applicationId || Parse.applicationId;
+ _triggerStore[applicationId] = _triggerStore[applicationId] || baseStore();
+ let store = _triggerStore[applicationId][category];
+ for (const component of path) {
+ store = store[component];
+ if (!store) {
+ return {};
+ }
+ }
+ return store;
+}
+
+function add(category, name, handler, applicationId) {
+ const lastComponent = name.split('.').splice(-1);
+ const store = getStore(category, name, applicationId);
+ if (store[lastComponent]) {
+ logger.warn(
+ `Warning: Duplicate cloud functions exist for ${lastComponent}. Only the last one will be used and the others will be ignored.`
+ );
+ }
+ store[lastComponent] = handler;
+}
+
+function remove(category, name, applicationId) {
+ const lastComponent = name.split('.').splice(-1);
+ const store = getStore(category, name, applicationId);
+ delete store[lastComponent];
+}
+
+function get(category, name, applicationId) {
+ const lastComponent = name.split('.').splice(-1);
+ const store = getStore(category, name, applicationId);
+ return store[lastComponent];
+}
+
+export function addFunction(functionName, handler, validationHandler, applicationId) {
+ add(Category.Functions, functionName, handler, applicationId);
+ add(Category.Validators, functionName, validationHandler, applicationId);
+}
+
+export function addJob(jobName, handler, applicationId) {
+ add(Category.Jobs, jobName, handler, applicationId);
+}
+
+export function addTrigger(type, className, handler, applicationId, validationHandler) {
+ validateClassNameForTriggers(className, type);
+ add(Category.Triggers, `${type}.${className}`, handler, applicationId);
+ add(Category.Validators, `${type}.${className}`, validationHandler, applicationId);
+}
+
+export function addLiveQueryEventHandler(handler, applicationId) {
+ applicationId = applicationId || Parse.applicationId;
+ _triggerStore[applicationId] = _triggerStore[applicationId] || baseStore();
+ _triggerStore[applicationId].LiveQuery.push(handler);
+}
+
+export function runLiveQueryEventHandlers(data, applicationId = Parse.applicationId) {
+ if (!_triggerStore || !_triggerStore[applicationId] || !_triggerStore[applicationId].LiveQuery) {
+ return;
+ }
+ _triggerStore[applicationId].LiveQuery.forEach(handler => handler(data));
+}
+
+export function removeFunction(functionName, applicationId) {
+ remove(Category.Functions, functionName, applicationId);
+}
+
+export function removeTrigger(type, className, applicationId) {
+ remove(Category.Triggers, `${type}.${className}`, applicationId);
+}
+
+export function _unregisterAll() {
+ Object.keys(_triggerStore).forEach(appId => delete _triggerStore[appId]);
+}
+
+export function triggerExists(className: string, type: string, applicationId: string): boolean {
+ return getTrigger(className, type, applicationId) != undefined;
+}
+
+export function getTrigger(className, triggerType, applicationId) {
+ if (!applicationId) {
+ throw 'Missing ApplicationID';
+ }
+ return get(Category.Triggers, `${triggerType}.${className}`, applicationId);
+}
+
+export function getFunction(functionName, applicationId) {
+ return get(Category.Functions, functionName, applicationId);
+}
+
+export function getValidator(functionName, applicationId) {
+ return get(Category.Validators, functionName, applicationId);
+}
+
+export function getJob(jobName, applicationId) {
+ return get(Category.Jobs, jobName, applicationId);
+}
+
+export function getJobs(applicationId) {
+ const manager = _triggerStore[applicationId];
+ if (manager && manager.Jobs) {
+ return manager.Jobs;
+ }
+ return undefined;
+}
+
+export function getFunctionNames(applicationId) {
+ const store =
+ (_triggerStore[applicationId] && _triggerStore[applicationId][Category.Functions]) || {};
+ const functionNames = [];
+ const extractFunctionNames = (namespace, store) => {
+ Object.keys(store).forEach(name => {
+ const value = store[name];
+ if (namespace) {
+ name = `${namespace}.${name}`;
+ }
+ if (typeof value === 'function') {
+ functionNames.push(name);
+ } else {
+ extractFunctionNames(name, value);
+ }
+ });
+ };
+ extractFunctionNames(null, store);
+ return functionNames;
+}
diff --git a/src/Triggers/Utils.js b/src/Triggers/Utils.js
new file mode 100644
index 0000000000..84ae18288a
--- /dev/null
+++ b/src/Triggers/Utils.js
@@ -0,0 +1,64 @@
+export function getClassName(parseClass) {
+ if (parseClass && parseClass.className) {
+ return parseClass.className;
+ }
+ if (parseClass && parseClass.name) {
+ return parseClass.name.replace('Parse', '@');
+ }
+ return parseClass;
+}
+
+export function inflate(data, restObject) {
+ const copy = typeof data == 'object' ? data : { className: data };
+ for (const key in restObject) {
+ copy[key] = restObject[key];
+ }
+ return Parse.Object.fromJSON(copy);
+}
+
+export function resolveError(message, defaultOpts) {
+ if (!defaultOpts) {
+ defaultOpts = {};
+ }
+ if (!message) {
+ return new Parse.Error(
+ defaultOpts.code || Parse.Error.SCRIPT_FAILED,
+ defaultOpts.message || 'Script failed.'
+ );
+ }
+ if (message instanceof Parse.Error) {
+ return message;
+ }
+
+ const code = defaultOpts.code || Parse.Error.SCRIPT_FAILED;
+ // If it's an error, mark it as a script failed
+ if (typeof message === 'string') {
+ return new Parse.Error(code, message);
+ }
+ const error = new Parse.Error(code, message.message || message);
+ if (message instanceof Error) {
+ error.stack = message.stack;
+ }
+ return error;
+}
+
+export function toJSONwithObjects(object, className) {
+ if (!object || !object.toJSON) {
+ return {};
+ }
+ const toJSON = object.toJSON();
+ const stateController = Parse.CoreManager.getObjectStateController();
+ const [pending] = stateController.getPendingOps(object._getStateIdentifier());
+ for (const key in pending) {
+ const val = object.get(key);
+ if (!val || !val._toFullJSON) {
+ toJSON[key] = val;
+ continue;
+ }
+ toJSON[key] = val._toFullJSON();
+ }
+ if (className) {
+ toJSON.className = className;
+ }
+ return toJSON;
+}
diff --git a/src/Triggers/Validator.js b/src/Triggers/Validator.js
new file mode 100644
index 0000000000..d58a0c6a45
--- /dev/null
+++ b/src/Triggers/Validator.js
@@ -0,0 +1,186 @@
+import { getValidator } from './TriggerStore';
+import { resolveError } from './Utils';
+
+export async function maybeRunValidator(request, functionName, auth) {
+ const theValidator = getValidator(functionName, Parse.applicationId);
+ if (!theValidator) {
+ return;
+ }
+
+ if (typeof theValidator === 'object' && theValidator.skipWithMasterKey && request.master) {
+ request.skipWithMasterKey = true;
+ return;
+ }
+
+ try {
+ if (typeof theValidator === 'object') {
+ await builtInTriggerValidator(theValidator, request, auth);
+ return;
+ }
+
+ await theValidator(request);
+ } catch (e) {
+ throw resolveError(e, {
+ code: Parse.Error.VALIDATION_ERROR,
+ message: 'Validation failed.',
+ });
+ }
+}
+
+const requiredParam = (params, key) => {
+ const value = params[key];
+ if (value == null) {
+ throw `Validation failed. Please specify data for ${key}.`;
+ }
+};
+
+const validateOptions = async (opt, key, val) => {
+ let opts = opt.options;
+ if (typeof opts === 'function') {
+ try {
+ const result = await opts(val);
+ if (!result && result != null) {
+ throw opt.error || `Validation failed. Invalid value for ${key}.`;
+ }
+ } catch (e) {
+ throw opt.error || e.message || e || `Validation failed. Invalid value for ${key}.`;
+ }
+ return;
+ }
+
+ opts = Array.isArray(opts) ? opts : [opts];
+
+ if (!opts.includes(val)) {
+ throw (
+ opt.error || `Validation failed. Invalid option for ${key}. Expected: ${opts.join(', ')}`
+ );
+ }
+};
+
+const getType = fn => {
+ const match = fn && fn.toString().match(/\^\s*function (\w+)/);
+ return (match ? match[1] : '').toLowerCase();
+};
+
+const processField = async (opt, key, params, request) => {
+ let val = params[key];
+
+ if (opt.default != null && val == null) {
+ val = opt.default;
+ params[key] = val;
+ request.object?.set(key, val);
+ }
+
+ if (opt.constant && request.object) {
+ if (request.original) {
+ request.object.revert(key);
+ } else if (opt.default != null) {
+ request.object.set(key, opt.default);
+ }
+ }
+
+ if (opt.required) {
+ requiredParam(params, key);
+ }
+
+ if (!opt.required && val === undefined) {
+ return;
+ }
+
+ if (opt.type) {
+ const type = getType(opt.type);
+ const valType = Array.isArray(val) ? 'array' : typeof val;
+ if (valType !== type) {
+ throw `Validation failed. Invalid type for ${key}. Expected: ${type}`;
+ }
+ }
+
+ if (opt.options) {
+ await validateOptions(opt, key, val);
+ }
+};
+
+const processFields = async (fields, params, request) => {
+ const promises = Object.entries(fields).map(async ([key, opt]) => {
+ if (typeof opt === 'string') {
+ return requiredParam(params, opt);
+ }
+ return processField(opt, key, params, request);
+ });
+ await Promise.all(promises);
+};
+
+const validateRoles = async (options, auth, roles) => {
+ const [userRoles, requireAllRoles] = await Promise.all([
+ Array.isArray(options.requireAnyUserRoles)
+ ? options.requireAnyUserRoles
+ : options.requireAnyUserRoles?.(),
+ Array.isArray(options.requireAllUserRoles)
+ ? options.requireAllUserRoles
+ : options.requireAllUserRoles?.(),
+ ]);
+
+ if (userRoles) {
+ const hasRole = userRoles.some(role => roles.includes(`role:${role}`));
+ if (!hasRole) {
+ throw 'Validation failed. User does not match the required roles.';
+ }
+ }
+
+ if (requireAllRoles) {
+ const missingRoles = requireAllRoles.filter(role => !roles.includes(`role:${role}`));
+ if (missingRoles.length) {
+ throw 'Validation failed. User does not match all the required roles.';
+ }
+ }
+};
+
+const validateUserKeys = async (options, reqUser) => {
+ if (Array.isArray(options.requireUserKeys)) {
+ options.requireUserKeys.forEach(key => {
+ if (!reqUser || reqUser.get(key) == null) {
+ throw `Validation failed. Please set data for ${key} on your account.`;
+ }
+ });
+ return;
+ }
+
+ const promises = Object.entries(options.requireUserKeys || {}).map(([key, opt]) =>
+ validateOptions(opt, key, reqUser.get(key))
+ );
+ await Promise.all(promises);
+};
+
+async function builtInTriggerValidator(options, request, auth) {
+ if (request.master && !options.validateMasterKey) {
+ return;
+ }
+
+ const reqUser = request.user || (request.object?.className === '_User' && !request.object.existed() ? request.object : null);
+
+ if ((options.requireUser || options.requireAnyUserRoles || options.requireAllUserRoles) && !reqUser) {
+ throw 'Validation failed. Please login to continue.';
+ }
+
+ if (options.requireMaster && !request.master) {
+ throw 'Validation failed. Master key is required to complete this request.';
+ }
+
+ const params = request.object?.toJSON() || request.params || {};
+
+ const fieldPromises = [];
+
+ if (Array.isArray(options.fields)) {
+ fieldPromises.push(...options.fields.map(field => requiredParam(params, field)));
+ } else if (typeof options.fields === 'object') {
+ fieldPromises.push(processFields(options.fields, params, request));
+ }
+
+ const roles = await auth.getUserRoles();
+
+ await Promise.all([
+ ...fieldPromises,
+ validateRoles(options, auth, roles),
+ validateUserKeys(options, reqUser),
+ ]);
+}
diff --git a/src/cloud-code/Parse.Cloud.js b/src/cloud-code/Parse.Cloud.js
index 3f33e5100d..9c08ecca57 100644
--- a/src/cloud-code/Parse.Cloud.js
+++ b/src/cloud-code/Parse.Cloud.js
@@ -529,8 +529,9 @@ ParseCloud.afterFind = function (parseClass, handler, validationHandler) {
*/
ParseCloud.beforeConnect = function (handler, validationHandler) {
validateValidator(validationHandler);
- triggers.addConnectTrigger(
+ triggers.addTrigger(
triggers.Types.beforeConnect,
+ '@Connect',
handler,
Parse.applicationId,
validationHandler
diff --git a/src/rest.js b/src/rest.js
index 1f9dbacb73..efc9b2f395 100644
--- a/src/rest.js
+++ b/src/rest.js
@@ -25,7 +25,7 @@ function checkLiveQuery(className, config) {
}
// Returns a promise for an object with optional keys 'results' and 'count'.
-const find = async (config, auth, className, restWhere, restOptions, clientSDK, context) => {
+const find = async (config, auth, className, restWhere, restOptions, clientSDK, context, response) => {
const query = await RestQuery({
method: RestQuery.Method.find,
config,
@@ -35,12 +35,13 @@ const find = async (config, auth, className, restWhere, restOptions, clientSDK,
restOptions,
clientSDK,
context,
+ response
});
return query.execute();
};
// get is just like find but only queries an objectId.
-const get = async (config, auth, className, objectId, restOptions, clientSDK, context) => {
+const get = async (config, auth, className, objectId, restOptions, clientSDK, context, response) => {
var restWhere = { objectId };
const query = await RestQuery({
method: RestQuery.Method.get,
@@ -51,12 +52,13 @@ const get = async (config, auth, className, objectId, restOptions, clientSDK, co
restOptions,
clientSDK,
context,
+ response,
});
return query.execute();
};
// Returns a promise that doesn't resolve to any useful value.
-function del(config, auth, className, objectId, context) {
+function del(config, auth, className, objectId, context, responseObject) {
if (typeof objectId !== 'string') {
throw new Parse.Error(Parse.Error.INVALID_JSON, 'bad objectId');
}
@@ -100,7 +102,8 @@ function del(config, auth, className, objectId, context) {
inflatedObject,
null,
config,
- context
+ context,
+ responseObject
);
}
throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Object not found for delete.');
@@ -146,7 +149,8 @@ function del(config, auth, className, objectId, context) {
inflatedObject,
null,
config,
- context
+ context,
+ responseObject
);
})
.catch(error => {
@@ -155,16 +159,16 @@ function del(config, auth, className, objectId, context) {
}
// Returns a promise for a {response, status, location} object.
-function create(config, auth, className, restObject, clientSDK, context) {
+function create(config, auth, className, restObject, clientSDK, context, response) {
enforceRoleSecurity('create', className, auth);
- var write = new RestWrite(config, auth, className, null, restObject, null, clientSDK, context);
+ var write = new RestWrite(config, auth, className, null, restObject, null, clientSDK, context, undefined, response);
return write.execute();
}
// Returns a promise that contains the fields of the update that the
// REST API is supposed to return.
// Usually, this is just updatedAt.
-function update(config, auth, className, restWhere, restObject, clientSDK, context) {
+function update(config, auth, className, restWhere, restObject, clientSDK, context, response) {
enforceRoleSecurity('update', className, auth);
return Promise.resolve()
@@ -182,6 +186,7 @@ function update(config, auth, className, restWhere, restObject, clientSDK, conte
runAfterFind: false,
runBeforeFind: false,
context,
+ response
});
return query.execute({
op: 'update',
@@ -203,7 +208,8 @@ function update(config, auth, className, restWhere, restObject, clientSDK, conte
originalRestObject,
clientSDK,
context,
- 'update'
+ 'update',
+ response
).execute();
})
.catch(error => {
diff --git a/src/triggers.js b/src/triggers.js
index 0f1b632078..db4185295e 100644
--- a/src/triggers.js
+++ b/src/triggers.js
@@ -1,1064 +1,36 @@
-// triggers.js
-import Parse from 'parse/node';
-import { logger } from './logger';
-
-export const Types = {
- beforeLogin: 'beforeLogin',
- afterLogin: 'afterLogin',
- afterLogout: 'afterLogout',
- beforeSave: 'beforeSave',
- afterSave: 'afterSave',
- beforeDelete: 'beforeDelete',
- afterDelete: 'afterDelete',
- beforeFind: 'beforeFind',
- afterFind: 'afterFind',
- beforeConnect: 'beforeConnect',
- beforeSubscribe: 'beforeSubscribe',
- afterEvent: 'afterEvent',
-};
-
-const ConnectClassName = '@Connect';
-
-const baseStore = function () {
- const Validators = Object.keys(Types).reduce(function (base, key) {
- base[key] = {};
- return base;
- }, {});
- const Functions = {};
- const Jobs = {};
- const LiveQuery = [];
- const Triggers = Object.keys(Types).reduce(function (base, key) {
- base[key] = {};
- return base;
- }, {});
-
- return Object.freeze({
- Functions,
- Jobs,
- Validators,
- Triggers,
- LiveQuery,
- });
-};
-
-export function getClassName(parseClass) {
- if (parseClass && parseClass.className) {
- return parseClass.className;
- }
- if (parseClass && parseClass.name) {
- return parseClass.name.replace('Parse', '@');
- }
- return parseClass;
-}
-
-function validateClassNameForTriggers(className, type) {
- if (type == Types.beforeSave && className === '_PushStatus') {
- // _PushStatus uses undocumented nested key increment ops
- // allowing beforeSave would mess up the objects big time
- // TODO: Allow proper documented way of using nested increment ops
- throw 'Only afterSave is allowed on _PushStatus';
- }
- if ((type === Types.beforeLogin || type === Types.afterLogin) && className !== '_User') {
- // TODO: check if upstream code will handle `Error` instance rather
- // than this anti-pattern of throwing strings
- throw 'Only the _User class is allowed for the beforeLogin and afterLogin triggers';
- }
- if (type === Types.afterLogout && className !== '_Session') {
- // TODO: check if upstream code will handle `Error` instance rather
- // than this anti-pattern of throwing strings
- throw 'Only the _Session class is allowed for the afterLogout trigger.';
- }
- if (className === '_Session' && type !== Types.afterLogout) {
- // TODO: check if upstream code will handle `Error` instance rather
- // than this anti-pattern of throwing strings
- throw 'Only the afterLogout trigger is allowed for the _Session class.';
- }
- return className;
-}
-
-const _triggerStore = {};
-
-const Category = {
- Functions: 'Functions',
- Validators: 'Validators',
- Jobs: 'Jobs',
- Triggers: 'Triggers',
-};
-
-function getStore(category, name, applicationId) {
- const invalidNameRegex = /['"`]/;
- if (invalidNameRegex.test(name)) {
- // Prevent a malicious user from injecting properties into the store
- return {};
- }
-
- const path = name.split('.');
- path.splice(-1); // remove last component
- applicationId = applicationId || Parse.applicationId;
- _triggerStore[applicationId] = _triggerStore[applicationId] || baseStore();
- let store = _triggerStore[applicationId][category];
- for (const component of path) {
- store = store[component];
- if (!store) {
- return {};
- }
- }
- return store;
-}
-
-function add(category, name, handler, applicationId) {
- const lastComponent = name.split('.').splice(-1);
- const store = getStore(category, name, applicationId);
- if (store[lastComponent]) {
- logger.warn(
- `Warning: Duplicate cloud functions exist for ${lastComponent}. Only the last one will be used and the others will be ignored.`
- );
- }
- store[lastComponent] = handler;
-}
-
-function remove(category, name, applicationId) {
- const lastComponent = name.split('.').splice(-1);
- const store = getStore(category, name, applicationId);
- delete store[lastComponent];
-}
-
-function get(category, name, applicationId) {
- const lastComponent = name.split('.').splice(-1);
- const store = getStore(category, name, applicationId);
- return store[lastComponent];
-}
-
-export function addFunction(functionName, handler, validationHandler, applicationId) {
- add(Category.Functions, functionName, handler, applicationId);
- add(Category.Validators, functionName, validationHandler, applicationId);
-}
-
-export function addJob(jobName, handler, applicationId) {
- add(Category.Jobs, jobName, handler, applicationId);
-}
-
-export function addTrigger(type, className, handler, applicationId, validationHandler) {
- validateClassNameForTriggers(className, type);
- add(Category.Triggers, `${type}.${className}`, handler, applicationId);
- add(Category.Validators, `${type}.${className}`, validationHandler, applicationId);
-}
-
-export function addConnectTrigger(type, handler, applicationId, validationHandler) {
- add(Category.Triggers, `${type}.${ConnectClassName}`, handler, applicationId);
- add(Category.Validators, `${type}.${ConnectClassName}`, validationHandler, applicationId);
-}
-
-export function addLiveQueryEventHandler(handler, applicationId) {
- applicationId = applicationId || Parse.applicationId;
- _triggerStore[applicationId] = _triggerStore[applicationId] || baseStore();
- _triggerStore[applicationId].LiveQuery.push(handler);
-}
-
-export function removeFunction(functionName, applicationId) {
- remove(Category.Functions, functionName, applicationId);
-}
-
-export function removeTrigger(type, className, applicationId) {
- remove(Category.Triggers, `${type}.${className}`, applicationId);
-}
-
-export function _unregisterAll() {
- Object.keys(_triggerStore).forEach(appId => delete _triggerStore[appId]);
-}
-
-export function toJSONwithObjects(object, className) {
- if (!object || !object.toJSON) {
- return {};
- }
- const toJSON = object.toJSON();
- const stateController = Parse.CoreManager.getObjectStateController();
- const [pending] = stateController.getPendingOps(object._getStateIdentifier());
- for (const key in pending) {
- const val = object.get(key);
- if (!val || !val._toFullJSON) {
- toJSON[key] = val;
- continue;
- }
- toJSON[key] = val._toFullJSON();
- }
- if (className) {
- toJSON.className = className;
- }
- return toJSON;
-}
-
-export function getTrigger(className, triggerType, applicationId) {
- if (!applicationId) {
- throw 'Missing ApplicationID';
- }
- return get(Category.Triggers, `${triggerType}.${className}`, applicationId);
-}
-
-export async function runTrigger(trigger, name, request, auth) {
- if (!trigger) {
- return;
- }
- await maybeRunValidator(request, name, auth);
- if (request.skipWithMasterKey) {
- return;
- }
- return await trigger(request);
-}
-
-export function triggerExists(className: string, type: string, applicationId: string): boolean {
- return getTrigger(className, type, applicationId) != undefined;
-}
-
-export function getFunction(functionName, applicationId) {
- return get(Category.Functions, functionName, applicationId);
-}
-
-export function getFunctionNames(applicationId) {
- const store =
- (_triggerStore[applicationId] && _triggerStore[applicationId][Category.Functions]) || {};
- const functionNames = [];
- const extractFunctionNames = (namespace, store) => {
- Object.keys(store).forEach(name => {
- const value = store[name];
- if (namespace) {
- name = `${namespace}.${name}`;
- }
- if (typeof value === 'function') {
- functionNames.push(name);
- } else {
- extractFunctionNames(name, value);
- }
- });
- };
- extractFunctionNames(null, store);
- return functionNames;
-}
-
-export function getJob(jobName, applicationId) {
- return get(Category.Jobs, jobName, applicationId);
-}
-
-export function getJobs(applicationId) {
- var manager = _triggerStore[applicationId];
- if (manager && manager.Jobs) {
- return manager.Jobs;
- }
- return undefined;
-}
-
-export function getValidator(functionName, applicationId) {
- return get(Category.Validators, functionName, applicationId);
-}
-
-export function getRequestObject(
- triggerType,
- auth,
- parseObject,
- originalParseObject,
- config,
- context
-) {
- const request = {
- triggerName: triggerType,
- object: parseObject,
- master: false,
- log: config.loggerController,
- headers: config.headers,
- ip: config.ip,
- };
-
- if (originalParseObject) {
- request.original = originalParseObject;
- }
- if (
- triggerType === Types.beforeSave ||
- triggerType === Types.afterSave ||
- triggerType === Types.beforeDelete ||
- triggerType === Types.afterDelete ||
- triggerType === Types.beforeLogin ||
- triggerType === Types.afterLogin ||
- triggerType === Types.afterFind
- ) {
- // Set a copy of the context on the request object.
- request.context = Object.assign({}, context);
- }
-
- if (!auth) {
- return request;
- }
- if (auth.isMaster) {
- request['master'] = true;
- }
- if (auth.user) {
- request['user'] = auth.user;
- }
- if (auth.installationId) {
- request['installationId'] = auth.installationId;
- }
- return request;
-}
-
-export function getRequestQueryObject(triggerType, auth, query, count, config, context, isGet) {
- isGet = !!isGet;
-
- var request = {
- triggerName: triggerType,
- query,
- master: false,
- count,
- log: config.loggerController,
- isGet,
- headers: config.headers,
- ip: config.ip,
- context: context || {},
- };
-
- if (!auth) {
- return request;
- }
- if (auth.isMaster) {
- request['master'] = true;
- }
- if (auth.user) {
- request['user'] = auth.user;
- }
- if (auth.installationId) {
- request['installationId'] = auth.installationId;
- }
- return request;
-}
-
-// Creates the response object, and uses the request object to pass data
-// The API will call this with REST API formatted objects, this will
-// transform them to Parse.Object instances expected by Cloud Code.
-// Any changes made to the object in a beforeSave will be included.
-export function getResponseObject(request, resolve, reject) {
- return {
- success: function (response) {
- if (request.triggerName === Types.afterFind) {
- if (!response) {
- response = request.objects;
- }
- response = response.map(object => {
- return toJSONwithObjects(object);
- });
- return resolve(response);
- }
- // Use the JSON response
- if (
- response &&
- typeof response === 'object' &&
- !request.object.equals(response) &&
- request.triggerName === Types.beforeSave
- ) {
- return resolve(response);
- }
- if (response && typeof response === 'object' && request.triggerName === Types.afterSave) {
- return resolve(response);
- }
- if (request.triggerName === Types.afterSave) {
- return resolve();
- }
- response = {};
- if (request.triggerName === Types.beforeSave) {
- response['object'] = request.object._getSaveJSON();
- response['object']['objectId'] = request.object.id;
- }
- return resolve(response);
- },
- error: function (error) {
- const e = resolveError(error, {
- code: Parse.Error.SCRIPT_FAILED,
- message: 'Script failed. Unknown error.',
- });
- reject(e);
- },
- };
-}
-
-function userIdForLog(auth) {
- return auth && auth.user ? auth.user.id : undefined;
-}
-
-function logTriggerAfterHook(triggerType, className, input, auth, logLevel) {
- if (logLevel === 'silent') {
- return;
- }
- const cleanInput = logger.truncateLogMessage(JSON.stringify(input));
- logger[logLevel](
- `${triggerType} triggered for ${className} for user ${userIdForLog(
- auth
- )}:\n Input: ${cleanInput}`,
- {
- className,
- triggerType,
- user: userIdForLog(auth),
- }
- );
-}
-
-function logTriggerSuccessBeforeHook(triggerType, className, input, result, auth, logLevel) {
- if (logLevel === 'silent') {
- return;
- }
- const cleanInput = logger.truncateLogMessage(JSON.stringify(input));
- const cleanResult = logger.truncateLogMessage(JSON.stringify(result));
- logger[logLevel](
- `${triggerType} triggered for ${className} for user ${userIdForLog(
- auth
- )}:\n Input: ${cleanInput}\n Result: ${cleanResult}`,
- {
- className,
- triggerType,
- user: userIdForLog(auth),
- }
- );
-}
-
-function logTriggerErrorBeforeHook(triggerType, className, input, auth, error, logLevel) {
- if (logLevel === 'silent') {
- return;
- }
- const cleanInput = logger.truncateLogMessage(JSON.stringify(input));
- logger[logLevel](
- `${triggerType} failed for ${className} for user ${userIdForLog(
- auth
- )}:\n Input: ${cleanInput}\n Error: ${JSON.stringify(error)}`,
- {
- className,
- triggerType,
- error,
- user: userIdForLog(auth),
- }
- );
-}
-
-export function maybeRunAfterFindTrigger(
- triggerType,
- auth,
- className,
- objects,
- config,
- query,
- context
-) {
- return new Promise((resolve, reject) => {
- const trigger = getTrigger(className, triggerType, config.applicationId);
- if (!trigger) {
- return resolve();
- }
- const request = getRequestObject(triggerType, auth, null, null, config, context);
- if (query) {
- request.query = query;
- }
- const { success, error } = getResponseObject(
- request,
- object => {
- resolve(object);
- },
- error => {
- reject(error);
- }
- );
- logTriggerSuccessBeforeHook(
- triggerType,
- className,
- 'AfterFind',
- JSON.stringify(objects),
- auth,
- config.logLevels.triggerBeforeSuccess
- );
- request.objects = objects.map(object => {
- //setting the class name to transform into parse object
- object.className = className;
- return Parse.Object.fromJSON(object);
- });
- return Promise.resolve()
- .then(() => {
- return maybeRunValidator(request, `${triggerType}.${className}`, auth);
- })
- .then(() => {
- if (request.skipWithMasterKey) {
- return request.objects;
- }
- const response = trigger(request);
- if (response && typeof response.then === 'function') {
- return response.then(results => {
- return results;
- });
- }
- return response;
- })
- .then(success, error);
- }).then(results => {
- logTriggerAfterHook(
- triggerType,
- className,
- JSON.stringify(results),
- auth,
- config.logLevels.triggerAfter
- );
- return results;
- });
-}
-
-export function maybeRunQueryTrigger(
- triggerType,
- className,
- restWhere,
- restOptions,
- config,
- auth,
- context,
- isGet
-) {
- const trigger = getTrigger(className, triggerType, config.applicationId);
- if (!trigger) {
- return Promise.resolve({
- restWhere,
- restOptions,
- });
- }
- const json = Object.assign({}, restOptions);
- json.where = restWhere;
-
- const parseQuery = new Parse.Query(className);
- parseQuery.withJSON(json);
-
- let count = false;
- if (restOptions) {
- count = !!restOptions.count;
- }
- const requestObject = getRequestQueryObject(
- triggerType,
- auth,
- parseQuery,
- count,
- config,
- context,
- isGet
- );
- return Promise.resolve()
- .then(() => {
- return maybeRunValidator(requestObject, `${triggerType}.${className}`, auth);
- })
- .then(() => {
- if (requestObject.skipWithMasterKey) {
- return requestObject.query;
- }
- return trigger(requestObject);
- })
- .then(
- result => {
- let queryResult = parseQuery;
- if (result && result instanceof Parse.Query) {
- queryResult = result;
- }
- const jsonQuery = queryResult.toJSON();
- if (jsonQuery.where) {
- restWhere = jsonQuery.where;
- }
- if (jsonQuery.limit) {
- restOptions = restOptions || {};
- restOptions.limit = jsonQuery.limit;
- }
- if (jsonQuery.skip) {
- restOptions = restOptions || {};
- restOptions.skip = jsonQuery.skip;
- }
- if (jsonQuery.include) {
- restOptions = restOptions || {};
- restOptions.include = jsonQuery.include;
- }
- if (jsonQuery.excludeKeys) {
- restOptions = restOptions || {};
- restOptions.excludeKeys = jsonQuery.excludeKeys;
- }
- if (jsonQuery.explain) {
- restOptions = restOptions || {};
- restOptions.explain = jsonQuery.explain;
- }
- if (jsonQuery.keys) {
- restOptions = restOptions || {};
- restOptions.keys = jsonQuery.keys;
- }
- if (jsonQuery.order) {
- restOptions = restOptions || {};
- restOptions.order = jsonQuery.order;
- }
- if (jsonQuery.hint) {
- restOptions = restOptions || {};
- restOptions.hint = jsonQuery.hint;
- }
- if (jsonQuery.comment) {
- restOptions = restOptions || {};
- restOptions.comment = jsonQuery.comment;
- }
- if (requestObject.readPreference) {
- restOptions = restOptions || {};
- restOptions.readPreference = requestObject.readPreference;
- }
- if (requestObject.includeReadPreference) {
- restOptions = restOptions || {};
- restOptions.includeReadPreference = requestObject.includeReadPreference;
- }
- if (requestObject.subqueryReadPreference) {
- restOptions = restOptions || {};
- restOptions.subqueryReadPreference = requestObject.subqueryReadPreference;
- }
- return {
- restWhere,
- restOptions,
- };
- },
- err => {
- const error = resolveError(err, {
- code: Parse.Error.SCRIPT_FAILED,
- message: 'Script failed. Unknown error.',
- });
- throw error;
- }
- );
-}
-
-export function resolveError(message, defaultOpts) {
- if (!defaultOpts) {
- defaultOpts = {};
- }
- if (!message) {
- return new Parse.Error(
- defaultOpts.code || Parse.Error.SCRIPT_FAILED,
- defaultOpts.message || 'Script failed.'
- );
- }
- if (message instanceof Parse.Error) {
- return message;
- }
-
- const code = defaultOpts.code || Parse.Error.SCRIPT_FAILED;
- // If it's an error, mark it as a script failed
- if (typeof message === 'string') {
- return new Parse.Error(code, message);
- }
- const error = new Parse.Error(code, message.message || message);
- if (message instanceof Error) {
- error.stack = message.stack;
- }
- return error;
-}
-export function maybeRunValidator(request, functionName, auth) {
- const theValidator = getValidator(functionName, Parse.applicationId);
- if (!theValidator) {
- return;
- }
- if (typeof theValidator === 'object' && theValidator.skipWithMasterKey && request.master) {
- request.skipWithMasterKey = true;
- }
- return new Promise((resolve, reject) => {
- return Promise.resolve()
- .then(() => {
- return typeof theValidator === 'object'
- ? builtInTriggerValidator(theValidator, request, auth)
- : theValidator(request);
- })
- .then(() => {
- resolve();
- })
- .catch(e => {
- const error = resolveError(e, {
- code: Parse.Error.VALIDATION_ERROR,
- message: 'Validation failed.',
- });
- reject(error);
- });
- });
-}
-async function builtInTriggerValidator(options, request, auth) {
- if (request.master && !options.validateMasterKey) {
- return;
- }
- let reqUser = request.user;
- if (
- !reqUser &&
- request.object &&
- request.object.className === '_User' &&
- !request.object.existed()
- ) {
- reqUser = request.object;
- }
- if (
- (options.requireUser || options.requireAnyUserRoles || options.requireAllUserRoles) &&
- !reqUser
- ) {
- throw 'Validation failed. Please login to continue.';
- }
- if (options.requireMaster && !request.master) {
- throw 'Validation failed. Master key is required to complete this request.';
- }
- let params = request.params || {};
- if (request.object) {
- params = request.object.toJSON();
- }
- const requiredParam = key => {
- const value = params[key];
- if (value == null) {
- throw `Validation failed. Please specify data for ${key}.`;
- }
- };
-
- const validateOptions = async (opt, key, val) => {
- let opts = opt.options;
- if (typeof opts === 'function') {
- try {
- const result = await opts(val);
- if (!result && result != null) {
- throw opt.error || `Validation failed. Invalid value for ${key}.`;
- }
- } catch (e) {
- if (!e) {
- throw opt.error || `Validation failed. Invalid value for ${key}.`;
- }
-
- throw opt.error || e.message || e;
- }
- return;
- }
- if (!Array.isArray(opts)) {
- opts = [opt.options];
- }
-
- if (!opts.includes(val)) {
- throw (
- opt.error || `Validation failed. Invalid option for ${key}. Expected: ${opts.join(', ')}`
- );
- }
- };
-
- const getType = fn => {
- const match = fn && fn.toString().match(/^\s*function (\w+)/);
- return (match ? match[1] : '').toLowerCase();
- };
- if (Array.isArray(options.fields)) {
- for (const key of options.fields) {
- requiredParam(key);
- }
- } else {
- const optionPromises = [];
- for (const key in options.fields) {
- const opt = options.fields[key];
- let val = params[key];
- if (typeof opt === 'string') {
- requiredParam(opt);
- }
- if (typeof opt === 'object') {
- if (opt.default != null && val == null) {
- val = opt.default;
- params[key] = val;
- if (request.object) {
- request.object.set(key, val);
- }
- }
- if (opt.constant && request.object) {
- if (request.original) {
- request.object.revert(key);
- } else if (opt.default != null) {
- request.object.set(key, opt.default);
- }
- }
- if (opt.required) {
- requiredParam(key);
- }
- const optional = !opt.required && val === undefined;
- if (!optional) {
- if (opt.type) {
- const type = getType(opt.type);
- const valType = Array.isArray(val) ? 'array' : typeof val;
- if (valType !== type) {
- throw `Validation failed. Invalid type for ${key}. Expected: ${type}`;
- }
- }
- if (opt.options) {
- optionPromises.push(validateOptions(opt, key, val));
- }
- }
- }
- }
- await Promise.all(optionPromises);
- }
- let userRoles = options.requireAnyUserRoles;
- let requireAllRoles = options.requireAllUserRoles;
- const promises = [Promise.resolve(), Promise.resolve(), Promise.resolve()];
- if (userRoles || requireAllRoles) {
- promises[0] = auth.getUserRoles();
- }
- if (typeof userRoles === 'function') {
- promises[1] = userRoles();
- }
- if (typeof requireAllRoles === 'function') {
- promises[2] = requireAllRoles();
- }
- const [roles, resolvedUserRoles, resolvedRequireAll] = await Promise.all(promises);
- if (resolvedUserRoles && Array.isArray(resolvedUserRoles)) {
- userRoles = resolvedUserRoles;
- }
- if (resolvedRequireAll && Array.isArray(resolvedRequireAll)) {
- requireAllRoles = resolvedRequireAll;
- }
- if (userRoles) {
- const hasRole = userRoles.some(requiredRole => roles.includes(`role:${requiredRole}`));
- if (!hasRole) {
- throw `Validation failed. User does not match the required roles.`;
- }
- }
- if (requireAllRoles) {
- for (const requiredRole of requireAllRoles) {
- if (!roles.includes(`role:${requiredRole}`)) {
- throw `Validation failed. User does not match all the required roles.`;
- }
- }
- }
- const userKeys = options.requireUserKeys || [];
- if (Array.isArray(userKeys)) {
- for (const key of userKeys) {
- if (!reqUser) {
- throw 'Please login to make this request.';
- }
-
- if (reqUser.get(key) == null) {
- throw `Validation failed. Please set data for ${key} on your account.`;
- }
- }
- } else if (typeof userKeys === 'object') {
- const optionPromises = [];
- for (const key in options.requireUserKeys) {
- const opt = options.requireUserKeys[key];
- if (opt.options) {
- optionPromises.push(validateOptions(opt, key, reqUser.get(key)));
- }
- }
- await Promise.all(optionPromises);
- }
-}
-
-// To be used as part of the promise chain when saving/deleting an object
-// Will resolve successfully if no trigger is configured
-// Resolves to an object, empty or containing an object key. A beforeSave
-// trigger will set the object key to the rest format object to save.
-// originalParseObject is optional, we only need that for before/afterSave functions
-export function maybeRunTrigger(
- triggerType,
- auth,
- parseObject,
- originalParseObject,
- config,
- context
-) {
- if (!parseObject) {
- return Promise.resolve({});
- }
- return new Promise(function (resolve, reject) {
- var trigger = getTrigger(parseObject.className, triggerType, config.applicationId);
- if (!trigger) { return resolve(); }
- var request = getRequestObject(
- triggerType,
- auth,
- parseObject,
- originalParseObject,
- config,
- context
- );
- var { success, error } = getResponseObject(
- request,
- object => {
- logTriggerSuccessBeforeHook(
- triggerType,
- parseObject.className,
- parseObject.toJSON(),
- object,
- auth,
- triggerType.startsWith('after')
- ? config.logLevels.triggerAfter
- : config.logLevels.triggerBeforeSuccess
- );
- if (
- triggerType === Types.beforeSave ||
- triggerType === Types.afterSave ||
- triggerType === Types.beforeDelete ||
- triggerType === Types.afterDelete
- ) {
- Object.assign(context, request.context);
- }
- resolve(object);
- },
- error => {
- logTriggerErrorBeforeHook(
- triggerType,
- parseObject.className,
- parseObject.toJSON(),
- auth,
- error,
- config.logLevels.triggerBeforeError
- );
- reject(error);
- }
- );
-
- // AfterSave and afterDelete triggers can return a promise, which if they
- // do, needs to be resolved before this promise is resolved,
- // so trigger execution is synced with RestWrite.execute() call.
- // If triggers do not return a promise, they can run async code parallel
- // to the RestWrite.execute() call.
- return Promise.resolve()
- .then(() => {
- return maybeRunValidator(request, `${triggerType}.${parseObject.className}`, auth);
- })
- .then(() => {
- if (request.skipWithMasterKey) {
- return Promise.resolve();
- }
- const promise = trigger(request);
- if (
- triggerType === Types.afterSave ||
- triggerType === Types.afterDelete ||
- triggerType === Types.afterLogin
- ) {
- logTriggerAfterHook(
- triggerType,
- parseObject.className,
- parseObject.toJSON(),
- auth,
- config.logLevels.triggerAfter
- );
- }
- // beforeSave is expected to return null (nothing)
- if (triggerType === Types.beforeSave) {
- if (promise && typeof promise.then === 'function') {
- return promise.then(response => {
- // response.object may come from express routing before hook
- if (response && response.object) {
- return response;
- }
- return null;
- });
- }
- return null;
- }
-
- return promise;
- })
- .then(success, error);
- });
-}
-
-// Converts a REST-format object to a Parse.Object
-// data is either className or an object
-export function inflate(data, restObject) {
- var copy = typeof data == 'object' ? data : { className: data };
- for (var key in restObject) {
- copy[key] = restObject[key];
- }
- return Parse.Object.fromJSON(copy);
-}
-
-export function runLiveQueryEventHandlers(data, applicationId = Parse.applicationId) {
- if (!_triggerStore || !_triggerStore[applicationId] || !_triggerStore[applicationId].LiveQuery) {
- return;
- }
- _triggerStore[applicationId].LiveQuery.forEach(handler => handler(data));
-}
-
-export function getRequestFileObject(triggerType, auth, fileObject, config) {
- const request = {
- ...fileObject,
- triggerName: triggerType,
- master: false,
- log: config.loggerController,
- headers: config.headers,
- ip: config.ip,
- };
-
- if (!auth) {
- return request;
- }
- if (auth.isMaster) {
- request['master'] = true;
- }
- if (auth.user) {
- request['user'] = auth.user;
- }
- if (auth.installationId) {
- request['installationId'] = auth.installationId;
- }
- return request;
-}
-
-export async function maybeRunFileTrigger(triggerType, fileObject, config, auth) {
- const FileClassName = getClassName(Parse.File);
- const fileTrigger = getTrigger(FileClassName, triggerType, config.applicationId);
- if (typeof fileTrigger === 'function') {
- try {
- const request = getRequestFileObject(triggerType, auth, fileObject, config);
- await maybeRunValidator(request, `${triggerType}.${FileClassName}`, auth);
- if (request.skipWithMasterKey) {
- return fileObject;
- }
- const result = await fileTrigger(request);
- logTriggerSuccessBeforeHook(
- triggerType,
- 'Parse.File',
- { ...fileObject.file.toJSON(), fileSize: fileObject.fileSize },
- result,
- auth,
- config.logLevels.triggerBeforeSuccess
- );
- return result || fileObject;
- } catch (error) {
- logTriggerErrorBeforeHook(
- triggerType,
- 'Parse.File',
- { ...fileObject.file.toJSON(), fileSize: fileObject.fileSize },
- auth,
- error,
- config.logLevels.triggerBeforeError
- );
- throw error;
- }
- }
- return fileObject;
-}
-
-export async function maybeRunGlobalConfigTrigger(triggerType, auth, configObject, originalConfigObject, config, context) {
- const GlobalConfigClassName = getClassName(Parse.Config);
- const configTrigger = getTrigger(GlobalConfigClassName, triggerType, config.applicationId);
- if (typeof configTrigger === 'function') {
- try {
- const request = getRequestObject(triggerType, auth, configObject, originalConfigObject, config, context);
- await maybeRunValidator(request, `${triggerType}.${GlobalConfigClassName}`, auth);
- if (request.skipWithMasterKey) {
- return configObject;
- }
- const result = await configTrigger(request);
- logTriggerSuccessBeforeHook(
- triggerType,
- 'Parse.Config',
- configObject,
- result,
- auth,
- config.logLevels.triggerBeforeSuccess
- );
- return result || configObject;
- } catch (error) {
- logTriggerErrorBeforeHook(
- triggerType,
- 'Parse.Config',
- configObject,
- auth,
- error,
- config.logLevels.triggerBeforeError
- );
- throw error;
- }
- }
- return configObject;
+import { _unregisterAll, getTrigger, Types, triggerExists, addTrigger, addFunction, getFunction, getJob, getJobs, runLiveQueryEventHandlers, addLiveQueryEventHandler, addJob, removeTrigger, getFunctionNames } from "./Triggers/TriggerStore";
+import { maybeRunTrigger, getRequestObject, runTrigger } from "./Triggers/Trigger";
+import { getClassName, inflate, resolveError, toJSONwithObjects } from "./Triggers/Utils";
+import { maybeRunQueryTrigger,maybeRunAfterFindTrigger } from "./Triggers/QueryTrigger";
+import { maybeRunValidator } from "./Triggers/Validator";
+import { maybeRunFileTrigger } from "./Triggers/FileTrigger";
+import { maybeRunGlobalConfigTrigger } from "./Triggers/ConfigTrigger";
+
+export {
+ _unregisterAll,
+ getTrigger,
+ maybeRunTrigger,
+ runTrigger,
+ Types,
+ triggerExists,
+ getClassName,
+ addTrigger,
+ inflate,
+ addFunction,
+ resolveError,
+ maybeRunQueryTrigger,
+ getFunction,
+ maybeRunValidator,
+ maybeRunFileTrigger,
+ getRequestObject,
+ getJob,
+ addJob,
+ addLiveQueryEventHandler,
+ maybeRunGlobalConfigTrigger,
+ maybeRunAfterFindTrigger,
+ toJSONwithObjects,
+ runLiveQueryEventHandlers,
+ removeTrigger,
+ getJobs,
+ getFunctionNames
}